kubernetes-sigs
diff --git a/‎azure/services/managedclusters/managedclusters.go‎
Lines changed: 5 additions & 16 deletions b/‎azure/services/managedclusters/managedclusters.go‎
Lines changed: 5 additions & 16 deletions
diff --git a/‎azure/services/token/client.go‎
Lines changed: 0 additions & 74 deletions b/‎azure/services/token/client.go‎
Lines changed: 0 additions & 74 deletions
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001/storage"
 	"github.com/Azure/azure-service-operator/v2/pkg/genruntime"
 	"github.com/pkg/errors"
@@ -29,7 +30,6 @@ import (
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/services/aso"
-	"sigs.k8s.io/cluster-api-provider-azure/azure/services/token"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/util/secret"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -148,7 +148,7 @@ func reconcileKubeconfig(ctx context.Context, scope ManagedClusterScope, namespa
 	}
 
 	if scope.AreLocalAccountsDisabled() {
-		userKubeconfigWithToken, err := getUserKubeConfigWithToken(userKubeConfigData, ctx, scope)
+		userKubeconfigWithToken, err := getUserKubeConfigWithToken(ctx, userKubeConfigData, scope)
 		if err != nil {
 			return nil, nil, errors.Wrap(err, "error while trying to get user kubeconfig with token")
 		}
@@ -190,28 +190,17 @@ func getUserKubeconfigData(ctx context.Context, scope ManagedClusterScope, names
 }
 
 // getUserKubeConfigWithToken returns the kubeconfig with user token, for capz to create the target cluster.
-func getUserKubeConfigWithToken(userKubeConfigData []byte, ctx context.Context, scope azure.Authorizer) ([]byte, error) {
-	tokenClient, err := token.NewClient(scope)
-	if err != nil {
-		return nil, errors.Wrap(err, "error while getting aad token client")
-	}
-
-	token, err := tokenClient.GetAzureActiveDirectoryToken(ctx, aadResourceID)
+func getUserKubeConfigWithToken(ctx context.Context, userKubeConfigData []byte, auth azure.Authorizer) ([]byte, error) {
+	token, err := auth.Token().GetToken(ctx, policy.TokenRequestOptions{Scopes: []string{aadResourceID + "/.default"}})
 	if err != nil {
 		return nil, errors.Wrap(err, "error while getting aad token for user kubeconfig")
 	}
-
-	return createUserKubeconfigWithToken(token, userKubeConfigData)
-}
-
-// createUserKubeconfigWithToken gets the kubeconfig data for authenticating with target cluster.
-func createUserKubeconfigWithToken(token string, userKubeConfigData []byte) ([]byte, error) {
 	config, err := clientcmd.Load(userKubeConfigData)
 	if err != nil {
 		return nil, errors.Wrap(err, "error while trying to unmarshal new user kubeconfig with token")
 	}
 	for _, auth := range config.AuthInfos {
-		auth.Token = token
+		auth.Token = token.Token
 		auth.Exec = nil
 	}
 	kubeconfig, err := clientcmd.Write(*config)